package com.frame.common.security;

import java.util.Collection;
import java.util.Iterator;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

public class MyAccessDecisionManager implements AccessDecisionManager {  
        public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {  
            //System.out.println("MyAccessDecisionManager.decide");
        	if(configAttributes == null) {  
                return;  
            }  
            //所请求的资源拥有的权限(一个资源对多个权限)  
            Iterator<ConfigAttribute> iterator = configAttributes.iterator();  
            while(iterator.hasNext()) {  
                ConfigAttribute configAttribute = iterator.next();  
                //访问所请求资源所需要的权限  
                String needPermission = configAttribute.getAttribute();  
                //System.out.println("needPermission is " + needPermission); 
                //用户所拥有的权限authentication  
                for(GrantedAuthority ga : authentication.getAuthorities()) {  
                    if(needPermission.equals(ga.getAuthority())) {  
                        return;  
                    }  
                }  
            }  
            //没有权限会跳转到login.htm页面
            throw new AccessDeniedException("没有权限访问");  
        }  
       /**
        *   这个 supports(ConfigAttribute) 方法在启动的时候被  AbstractSecurityInterceptor调用，
        *   来决定AccessDecisionManager 是否可以执行传递ConfigAttribute。 
        */
         public boolean supports(ConfigAttribute attribute) {  
            return true;  
        }  
      
        /**
         *   supports(Class)方法被安全拦截器实现调用， 
         *   包含安全拦截器将显示的AccessDecisionManager支持安全对象的类型。
         */
        public boolean supports(Class<?> clazz) {  
            return true;  
        }  
          
    }  